Cisco Router Configuration Basics
![Page 1: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/1.jpg)
Cisco Router Configuration Basics
Scalable Infrastructure Workshop
![Page 2: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/2.jpg)
Router Components
- RAM
  - Holds operating system, data structures, packet buffers, ARP cache, and routing tables
  - Reset on reload
  - Router’s running-config is stored in RAM
- Flash
  - Holds the IOS
  - Is not erased when the router is reloaded
- NVRAM
  - Non-Volatile RAM - stores router’s startup-config
  - Is not erased when router is reloaded
![Page 3: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/3.jpg)
Router Components
- Configuration Register
  - controls how router boots;
  - value can be seen with “show version” command;
  - is normally 0x2102, which tells the router to load the IOS from flash memory and the startup-config file from NVRAM
  - 0x2142 tells the router to ignore the NVRAM configuration when rebooting
  - Leading “0x” means “hexadecimal”
![Page 4: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/4.jpg)
Purpose of the Config Register
- Reasons why you would want to modify the config-register:
  - Force the router into ROM Monitor Mode (recovery mode)
  - Select a boot source and default boot filename
  - Enable/Disable the Break function
  - Control broadcast addresses
  - Set console terminal baud rate
  - Load operating software from ROM
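The register values described above can be checked from collected `show version` output. This is an added example, not part of the original slides: it decodes the boot field, the ignore-NVRAM bit (0x0040) and the Break-disable bit (0x0100), and flags values such as 0x2142 that make the router skip its startup-config. The function names are hypothetical and the sample lines are constructed.

```python
import re

# Bits of the 16-bit IOS configuration register used in this check.
BOOT_FIELD = 0x000F      # bits 0-3: boot source selection
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config in NVRAM at boot
BREAK_DISABLED = 0x0100  # bit 8: Break ignored once the router has booted

# Last line of "show version"; the bracketed part appears after a
# config-register change that has not yet taken effect.
REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Return the security-relevant fields of a register value."""
    boot = value & BOOT_FIELD
    if boot == 0:
        mode = "rom-monitor"
    elif boot == 1:
        mode = "helper-image"
    else:
        mode = "normal"
    return {
        "boot_mode": mode,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }

def audit_show_version(text):
    """Return findings for the current and pending register values."""
    match = REG_RE.search(text)
    if match is None:
        return ["no configuration register line found"]
    findings = []
    for when, raw in (("current", match.group(1)), ("next reload", match.group(2))):
        if raw is None:
            continue
        fields = decode(int(raw, 16))
        if fields["ignore_nvram"]:
            findings.append(f"{when} {raw}: startup-config and its passwords are ignored at boot")
        if fields["boot_mode"] != "normal":
            findings.append(f"{when} {raw}: boot field selects {fields['boot_mode']}")
        if not fields["break_disabled"]:
            findings.append(f"{when} {raw}: Break stays active after boot")
    return findings

# Constructed sample lines, not captured from a real device.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_show_version(line) or "ok")
```

A router left at 0x2142 after maintenance boots without its configured passwords, so this check belongs in routine configuration collection.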
![Page 5: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/5.jpg)
Configuration Overview
- Router configuration controls the operation of the router’s:
  - Interface IP address and netmask
  - Routing information (static, dynamic or default)
  - Boot and startup information
  - Security (passwords and authentication)
![Page 6: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/6.jpg)
Where is the Configuration?
- Router always has two configurations:
  - Running configuration
    - In RAM, determines how the router is currently operating
    - Is modified using the configure command
    - To see it: show running-config
  - Startup configuration
    - In NVRAM, determines how the router will operate after next reload
    - Is modified using the copy command
    - To see it: show startup-config
![Page 7: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/7.jpg)
Where is the Configuration?
- Can also be stored in more permanent places:
  - External hosts, using TFTP, FTP, SCP, etc.
  - In flash memory in the router
- Copy command is used to move it around

    copy run start
    copy run tftp
    copy start tftp
    copy tftp start
    copy flash start
    copy start flash
![Page 8: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/8.jpg)
Router Access Modes
- User mode – limited access to router – no configuration rights

    Router>

- Privileged EXEC mode – detailed access and full configuration of the router, debugging, testing, file manipulation (router prompt changes to an octothorpe)

    Router#

- ROM Monitor – useful for password recovery (amongst others)
- Setup Mode – entered when router has no startup-config file
![Page 9: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/9.jpg)
External Configuration Sources
- Console
  - Direct PC serial access
- Auxiliary port
  - Modem access
- Virtual terminals
  - Telnet/SSH access
- TFTP Server
  - Copy configuration file into router RAM
- Network Management Software
  - e.g., CiscoWorks
![Page 10: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/10.jpg)
Changing the Configuration
- Configuration statements can be entered interactively
  - changes are made (almost) immediately, to the running configuration
- Can use direct serial connection to console port, or
- Telnet/SSH to vty’s (“virtual terminals”), or
- Modem connection to aux port, or
- Edited in a text file and uploaded to the router at a later time via tftp/ftp/scp

    copy tftp start
![Page 11: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/11.jpg)
Logging into the Router
- Connect router to console port or telnet to router

    router>
    router>enable
    password
    router#
    router#?

- Configuring the router
  - Terminal (entering the commands directly)

    router# configure terminal
    router(config)#
![Page 12: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/12.jpg)
Connecting your FreeBSD Machine to the Router’s Console Port
- Connect your PC to the console port using the serial cable provided
- Go to /etc/remote to see the device configured to be used with “tip”. At the end you will see a line beginning with com1

    bash$ tip com1 <enter>
    router>
    router>enable
    router#
![Page 13: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/13.jpg)
Address Assignments
[Diagram: A to N attached to a central SWITCH on 196.200.220.0/27, with host addresses .1 to .14 on that network. Each letter has its own /28: 196.200.220.32/28 (A), 196.200.220.48/28 (B), 196.200.220.64/28 through 196.200.220.208/28 (C to L), 196.200.220.224/28 (M), 196.200.220.240/28 (N).]
![Page 14: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/14.jpg)
Configuring your Router (1)
- Load configuration parameters into RAM

    Router#configure terminal

- Personalise router identification

    Router(config)#hostname RouterA

- Assign console & vty passwords

    RouterA(config)#line console 0
    RouterA(config-line)#password afnog
    RouterA(config)#line vty 0 4
    RouterA(config-line)#password afnog

- Spaces count, so don’t add them at the end!
![Page 15: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/15.jpg)
Configuring your Router (2)
- Set the enable (secret) password:

    router(config)# enable secret afnog

  - This stores the password as an MD5 hash
  - The old method was to use the enable password command. But this is not secure (weak encryption) and is ABSOLUTELY NOT RECOMMENDED. DO NOT USE!
- Ensure that all passwords stored on router are (weakly) encrypted rather than clear text:

    router(config)# service password-encryption
![Page 16: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/16.jpg)
Configuring your Router (3)
- Configure interfaces

    RouterA(config)#interface fastethernet 0/0
    RouterA(config-if)#ip address n.n.n.n m.m.m.m
    RouterA(config-if)#no shutdown

- Configure routing/routed protocols

    RouterA(config)#router bgp 100
    RouterA(config-router)#

- Save configuration parameters to NVRAM

    RouterA#copy running-config startup-config

  (or write memory)
![Page 17: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/17.jpg)
Configuring your Router (4)
- IP Specific Configuration

    no ip source-route              (disable source routing)
    ip domain-name domain-name
    ip name-server n.n.n.n          (set name server)

- Static Route Creation

    ip route n.n.n.n m.m.m.m g.g.g.g

  - n.n.n.n = network block
  - m.m.m.m = network mask denoting block size
  - g.g.g.g = next hop gateway destination packets are sent to
![Page 18: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/18.jpg)
Router Prompts – How to tell where you are on the router
- You can tell in which area of the router’s configuration you are by looking at the router prompts - some examples:

    Router>                 USER prompt mode
    Router#                 PRIVILEGED EXEC prompt mode
    Router(config)#         terminal configuration prompt
    Router(config-if)#      interface configuration prompt
    Router(config-subif)#   sub-interface configuration prompt
    rommon 1>               ROM Monitor mode
![Page 19: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/19.jpg)
The NO Command
- Used to reverse or disable commands, e.g.

    ip domain-lookup
    no ip domain-lookup

    router ospf 1
    no router ospf 1

    ip address 1.1.1.1 255.255.255.0
    no ip address
![Page 20: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/20.jpg)
Interface Configuration
- Interfaces are named by slot/type; e.g.:
  - ethernet0, ethernet5/1, serial0/0/0, serial2
- And can be abbreviated:
  - ethernet0 or eth0 or e0
  - Serial0/0 or ser0/0 or s0/0
- Interfaces are shutdown by default

    router(config-if)#no shutdown       (wake up interface)

- Description

    router(config-if)#description Link to Admin Building router
![Page 21: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/21.jpg)
Global Configuration Commands
- Cisco global config should always include:

    ip classless
    ip subnet-zero

  (These are default as from IOS 12.2 release)
- Cisco interface config should usually include:

    no shutdown
    no ip proxy-arp
    no ip redirects
    no ip directed-broadcast

- Industry recommendations are at http://www.cymru.com/Documents
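The recommendations on this slide, together with the earlier `enable secret`, `service password-encryption` and `no ip source-route` slides, can be checked mechanically against a configuration file before it is uploaded. This is an added example, not part of the original slides; the function names are hypothetical and the sample configuration is constructed. It assumes the file states each recommended line explicitly, since IOS may leave out of `show running-config` any setting that matches the platform default.

```python
GLOBAL_REQUIRED = ("service password-encryption", "no ip source-route")
INTERFACE_REQUIRED = ("no ip proxy-arp", "no ip redirects", "no ip directed-broadcast")

def parse_config(text):
    """Split IOS config text into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            current = None              # "!" or a blank line ends a block
        elif not raw.startswith(" "):   # unindented line: global command
            current = None
            if line.lower().startswith("interface "):
                current = line.split(None, 1)[1]
                interfaces[current] = []
            else:
                global_lines.append(line)
        elif current is not None:       # indented line inside an interface
            interfaces[current].append(line)
    return global_lines, interfaces

def audit(text):
    """Return one finding per recommendation from the slides that is not met."""
    global_lines, interfaces = parse_config(text)
    findings = []
    if any(l.startswith("enable password") for l in global_lines):
        findings.append("global: 'enable password' present")
    if not any(l.startswith("enable secret") for l in global_lines):
        findings.append("global: no 'enable secret'")
    for required in GLOBAL_REQUIRED:
        if required not in global_lines:
            findings.append(f"global: missing '{required}'")
    for name, lines in interfaces.items():
        if "shutdown" in lines:
            continue                    # administratively down: skip
        for required in INTERFACE_REQUIRED:
            if required not in lines:
                findings.append(f"{name}: missing '{required}'")
    return findings

# Constructed sample config; addresses are documentation ranges and the
# password fields are placeholders, not real hashes.
SAMPLE = """\
hostname RouterA
service password-encryption
enable secret 5 <constructed-hash>
enable password 7 <constructed-value>
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.240
 no ip redirects
 no ip proxy-arp
 no ip directed-broadcast
!
interface FastEthernet0/1
 ip address 192.0.2.17 255.255.255.240
 no ip redirects
!
interface Serial0/0
 shutdown
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```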
![Page 22: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/22.jpg)
Looking at the Configuration
- Use “show running-config” to see the current configuration
- Use “show startup-config” (or show conf) to see the configuration in NVRAM, which will be loaded the next time the router is rebooted or reloaded
![Page 23: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/23.jpg)
Storing the Configuration on a Remote System
- Requires: ‘tftpd’ on a unix host; destination file must exist before the file is written and must be world writable...

    rtra#copy run tftp
    Remote host []? n.n.n.n
    Name of configuration file to write [rtra-confg]?
    Write file rtra-confg on Host n.n.n.n? [confirm]
    Building configuration...
    Writing rtra-confg !![OK]
    router#
![Page 24: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/24.jpg)
Restoring the Configuration from a Remote System
- Use ‘tftp’ to pull file from UNIX host, copying to running-config (added to existing running configuration) or startup-config (stored in configuration NVRAM and used on next reboot)

    rtra#copy tftp start
    Address of remote host [255.255.255.255]? n.n.n.n
    Name of configuration file [rtra-confg]?
    Configure using rtra-confg from n.n.n.n? [confirm]
    Loading rtra-confg from n.n.n.n (via Ethernet0/0): !
    [OK - 1005/128975 bytes]
    rtra# reload
![Page 25: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/25.jpg)
Getting Command Help
- IOS has a command help facility; use “?” to get a list of possible configuration options
- “?” after the prompt lists all possible commands:

    router#?

- “<command> ?” lists all possible subcommands

    router#show ?
    router#show ip ?

- “<partial command>?” lists all possible command completions:

    router#con?
    configure connect
![Page 26: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/26.jpg)
Getting Lazy Command Help
- TAB character will complete a partial word

    hostel-rtr(config)#int<TAB>
    hostel-rtr(config)#interface et<TAB>
    hostel-rtr(config)#interface ethernet 0
    hostel-rtr(config-if)#ip add<TAB>
    hostel-rtr(config-if)#ip address n.n.n.n m.m.m.m

- Not really necessary to complete command keywords; partial commands can be used:

    router#conf t
    router(config)#int e0/0
    router(config-if)#ip addr n.n.n.n
![Page 27: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/27.jpg)
Editing
- Command history
  - IOS maintains a list of previously typed commands
  - up-arrow or ‘^p’ recalls previous command
  - down-arrow or ‘^n’ recalls next command
- Line editing
  - left-arrow, right-arrow moves cursor inside command
  - ‘^d’ or backspace will delete character in front of cursor
  - Ctrl-a takes you to start of line
  - Ctrl-e takes you to end of line
  - Ctrl-u deletes an entire line
- Many other ‘unix-like’ tricks…
![Page 28: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/28.jpg)
Connecting your FreeBSD machine to the Router’s Console port
- Look at your running configuration
- Configure an IP address for fastethernet0/1 depending on your table
  - use n.n.n.n for table A etc
- Look at your running configuration and your startup configuration
- Check what difference there is, if any
![Page 29: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/29.jpg)
Deleting your Router’s Configuration
- To delete your router’s configuration

    Router#erase startup-config

  OR

    Router#write erase
    Router#reload

- Router will start up again, but in setup mode, since the startup-config file does not exist
![Page 30: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/30.jpg)
Password Recovery
Working around a forgotten or lost password
![Page 31: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/31.jpg)
Disaster Recovery – ROM Monitor
- ROM Monitor is very helpful in recovering from emergency failures such as:
  - Password recovery
  - Upload new IOS into router with NO IOS installed
  - Selecting a boot source and default boot filename
  - Set console terminal baud rate to upload new IOS quicker
  - Load operating software from ROM
  - Enable booting from a TFTP server
![Page 32: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/32.jpg)
Getting to the ROM Monitor
- Windows using HyperTerminal for the console session
  - Ctrl-Break
- FreeBSD/UNIX using Tip for the console session
  - <Enter>, then ~# OR
  - Ctrl-], then Break or Ctrl-C
- Linux using Minicom for the console session
  - Ctrl-A F
- MacOS using Zterm for the console session
  - Apple B
![Page 33: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/33.jpg)
Disaster Recovery: How to Recover a Lost Password
- Connect your PC’s serial port to the router’s console port
- Configure your PC’s serial port:
  - 9600 baud rate
  - No parity
  - 8 data bits
  - 1 stop bit
  - No flow control
![Page 34: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/34.jpg)
Disaster Recovery: How to Recover a Lost Password
- Your configuration register should be 0x2102; use “show version” command to check
- Reboot the router and apply the Break-sequence within 60 seconds of powering the router, to put it into ROMMON mode

    Rommon 1>confreg 0x2142
    Rommon 2>reset

- Router reboots, bypassing startup-config file
![Page 35: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/35.jpg)
Disaster Recovery: How to Recover a Lost Password
- Type Ctrl-C to exit Setup mode

    Router>enable
    Router#copy start run (only!!!)
    Router#show running
    Router#conf t
    Router(config)#enable secret forgotten
    Router(config)#int e0/0…
    Router(config-if)#no shut
    Router(config)#config-register 0x2102
    Router(config)#Ctrl-Z or end
    Router#copy run start
    Router#reload
![Page 36: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/36.jpg)
Basic IPv6 Configuration
![Page 37: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/37.jpg)
IPv6 Configuration
- IPv6 is not enabled by default in IOS
- Enabling IPv6:

    Router(config)# ipv6 unicast-routing

- Disable Source Routing

    Router(config)# no ipv6 source-route

- Activating IPv6 CEF

    Router(config)# ipv6 cef
![Page 38: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/38.jpg)
IPv6 Configuration - Interfaces
- Configuring a global or unique local IPv6 address:

    Router(config-if)# ipv6 address X:X..X:X/prefix

- Configuring an EUI-64 based IPv6 address (not such a good idea on a router):

    Router(config-if)# ipv6 address X:X::/prefix eui-64
![Page 39: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/39.jpg)
IPv6 Configuration
- Note that by configuring any IPv6 address on an interface, you will see a global or unique-local IPv6 address and a link-local IPv6 address on the interface
  - Link-local IPv6 address format is FE80::interface-id
- The link-local IPv6 address is constructed automatically by concatenating FE80 with Interface ID as soon as IPv6 is enabled on the interface:

    Router(config-if)# ipv6 enable
![Page 40: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/40.jpg)
IOS IPv6 Interface Status – Link Local

    br01#sh ipv6 interface fast 0/1.220
    FastEthernet0/1.220 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::225:45FF:FE6A:5B39
      No global unicast address is configured
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::1:FF6A:5B39
      MTU is 1500 bytes
      ICMP error messages limited to one every 100 milliseconds
      ICMP redirects are enabled
![Page 41: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/41.jpg)
IOS IPv6 Interface Status

    br01#sh ipv6 interface fast 0/1.223
    FastEthernet0/1.223 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::225:45FF:FE6A:5B39
      Description: backbone
      Global unicast address(es):
        2001:4348:0:223:196:200:223:254, subnet is 2001:4348:0:223::/64
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::1:FF23:254
        FF02::1:FF6A:5B39
      MTU is 1500 bytes
      ICMP error messages limited to one every 100 milliseconds
      ICMP redirects are enabled
![Page 42: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/42.jpg)
IPv6 Configuration – Miscellaneous
- Disable IPv6 redirects on interfaces

    interface fastethernet 0/0
     no ipv6 redirects

- Nameserver, syslog etc. can be IPv6 accessible

    ip name-server 2001:db8:2:1::2
    ip name-server 10.1.40.40
![Page 43: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/43.jpg)
Static Routing – IOS
- Syntax is:

    ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number} [admin-distance]

- Static Route

    ipv6 route 2001:db8::/64 2001:db8:0:CC00::1

  - Routes packets for network 2001:db8::/64 to a networking device at 2001:db8:0:CC00::1
![Page 44: Cisco Router Configuration Basics](https://reader035.fdocuments.net/reader035/viewer/2022062400/56812b0b550346895d8ef262/html5/thumbnails/44.jpg)
Cisco Router Configuration Basics
Questions?